I already have the redis.connection.secure property set in my gate override file, but this would only let me use a single node non-ssl version of elasticache. I was able to trace the property back to bypassing the notify-keyspace-events configuration and hence the requirement to set it manually.
As @ttomsu points out, JedisConnectionFactory is programmatically instantiated in GateConfig without providing options to override useSsl flag, so i am not quite sure to enable this behavior as we can not rely on property override capabilities of spring boot.
Another interesting fact is that if deploying a redis version suggested by stitch-fix, it would not let us enable in transit ssl and password as those options are enabled for versions 3.2.6 and 4.x (which we’re trying to use)

Your best bet may to file a feature request and either wait for someone in the community to pick it up or implement it yourself. The kork-jedis would be my first place to put common config code like this, though I suggest reaching out to the #dev channel in the chat room for further guidance.

Just to clarify my goal, we wanted to back up the pipeline execution logs and ensure they can be recovered. Going back to the drawing board, i realized that i only need to update orca’s configuration to make this work, and have everything else (cached data) go through the internal redis instance as its state gets constantly rebuilt.

On top of that, Orca’s legacy redis configuration beans1 are marked as deprecated, and I traced the change back to PR with configuration necessary to switch the redis connection for execution repository to the external ssl enabled and password protected instance.
default/profiles/orca-local.yml